unit Main; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs,TlHelp32, StdCtrls, ComCtrls,psAPI; type PTokenUser = ^TTokenUser; _TOKEN_USER = record User: TSIDAndAttributes; end; TTokenUser = _TOKEN_USER; TForm1 = class(TForm) btn_Get: TButton; Lv_Process: TListView; procedure btn_GetClick(Sender: TObject); procedure FormCreate(Sender: TObject); private { Private declarations } function GetMemUsedText(memsize:Cardinal):string; function GetProcessPriority(priority:Cardinal):string; function GetCupUsedPercent(hprocess:THandle):string; function GetProcessUser(hprocess:THandle):string; public { Public declarations } end; var Form1: TForm1; implementation {$R *.dfm} { 作用:提权到Debug,为了在Vista和Win7下读取系统信息,运行时需要以管理员身份运行 } function PromoteProcessPrivilege(Processhandle:Thandle;Token_Name:pchar):boolean; var Token:cardinal; TokenPri:_TOKEN_PRIVILEGES; Luid:int64; i:DWORD; begin Result:=false; //打开令牌 if OpenProcessToken(Processhandle,TOKEN_ADJUST_PRIVILEGES,Token) then begin //看系统权限的特权值 if LookupPrivilegeValue(nil,Token_Name,Luid) then begin TokenPri.PrivilegeCount:=1; TokenPri.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED; TokenPri.Privileges[0].Luid:=Luid; i:=0; //提权 if AdjustTokenPrivileges(Token,false,TokenPri,sizeof(TokenPri),nil,i) then Result:=true; end; end; CloseHandle(Token); end; function AddFileTimes(KernelTime, UserTime: TFileTime): TDateTime; var SysTimeK, SysTimeU: TSystemTime; begin FileTimeToSystemTime(KernelTime, SysTimeK); FileTimeToSystemTime(UserTime, SysTimeU); Result :=SystemTimeToDateTime(SysTimeK)+SystemTimeToDateTime(SysTimeU); end; //获取CPU时间 function GetProcCPUTime(procID:THandle): TDateTime; var CreationTime, ExitTime, KernelTime, UserTime: TFileTime; begin GetProcessTimes(procID, CreationTime, ExitTime, KernelTime,UserTime); Result := AddFileTimes(KernelTime, UserTime); end; procedure TForm1.btn_GetClick(Sender: TObject); var hSnapShot,hProcess,hModel:THandle; pEntry:TProcessEntry32; find:Boolean; item:TListItem; //内存信息 pPMC:PPROCESS_MEMORY_COUNTERS; pPMCSize,ProcessPriority:Cardinal; n:DWORD; fName:array [0..MAX_PATH-1] of char; begin //创建进程快照 hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); pEntry.dwSize := SizeOf(pEntry); //第一个进程 find := Process32First(hSnapShot,pEntry); while find do begin item := Lv_Process.Items.Add; //进程名 item.Caption := pEntry.szExeFile; //进程ID item.SubItems.Add(IntToStr(pEntry.th32ProcessID)); pPMCSize := SizeOf(PROCESS_MEMORY_COUNTERS); GetMem(pPMC,pPMCSize); pPMC.cb := pPMCSize; //打开进程,增加PROCESS_VM_READ权限,以便后面获取完整路径时使用 hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,False,pEntry.th32ProcessID); //获取内存信息 if GetProcessMemoryInfo(hProcess,pPMC,pPMCSize) then begin //取得进程的用户 item.SubItems.Add(GetProcessUser(hProcess)); //内存使用 item.SubItems.Add(GetMemUsedText(pPMC.WorkingSetSize)); //内存峰值 item.SubItems.Add(GetMemUsedText(pPMC.PeakWorkingSetSize)); //CPU时间 item.SubItems.Add(FormatDateTime('hh:mm:ss',GetProcCPUTime(hProcess))); //获取优先级 ProcessPriority := GetPriorityClass(hProcess); item.SubItems.Add(GetProcessPriority(ProcessPriority)); //根据进程句柄找到模块句柄 ENumProcessModules(hProcess,@hModel,SizeOf(hModel),n); //取得完整路径 GetModuleFileNameEx(hProcess,hModel,fName,Length(fName)); item.SubItems.Add(fName); end; FreeMem(pPMC); CloseHandle(hProcess); find := Process32Next(hSnapShot,pEntry); end; end; function TForm1.GetCupUsedPercent(hprocess: THandle): string; begin end; function TForm1.GetMemUsedText(memsize: Cardinal): string; begin Result := IntToStr(memsize div 1024) + ' K'; end; function TForm1.GetProcessPriority(priority: Cardinal): string; begin case priority of IDLE_PRIORITY_CLASS: Result := '低'; NORMAL_PRIORITY_CLASS: Result := '普通'; HIGH_PRIORITY_CLASS: Result := '高'; REALTIME_PRIORITY_CLASS: Result := '实时'; end; end; //获取进程的所属用户 function TForm1.GetProcessUser(hprocess: THandle): string; var hToken:THandle; dwSize,dwUserSize,dwDomainSize:DWORD; pUser:PTokenUser; szUserName, szDomainName: array of Char; peUse: SID_NAME_USE; begin //打开权限 if not OpenProcessToken(hprocess,TOKEN_QUERY,hToken) then Exit; //获取令牌信息,这里第三个参数使用了nil,是先返回实际大小dwSize,然后根据这个大小去分配内存 GetTokenInformation(hToken,TokenUser,nil,0,dwSize); pUser := nil; //分配空间 ReallocMem(pUser,dwSize); dwUserSize := 0; dwDomainSize := 0; //获取信息 if not GetTokenInformation(hToken,TokenUser,pUser,dwSize,dwSize) then Exit; //查找用户信息,先返回用户名和域名的大小,当然你也可以一次性得到,即不使用动态数组 LookupAccountSid(nil,pUser.User.Sid,nil,dwUserSize,nil,dwDomainSize,peUse); if (dwUserSize <> 0) and (dwDomainSize <> 0) then begin //分配长度 SetLength(szUserName,dwUserSize); SetLength(szDomainName,dwDomainSize); //再次,获取用户名和域名 LookupAccountSid(nil,pUser.User.Sid,PChar(szUserName),dwUserSize,PChar(szDomainName),dwDomainSize,peUse); end; Result := PChar(szUserName)+'/'+PChar(szDomainName); CloseHandle(hToken); FreeMem(pUser); end; procedure TForm1.FormCreate(Sender: TObject); begin PromoteProcessPrivilege(GetCurrentProcess,'SeDebugPrivilege'); end; end.